package org.example.xx2.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        System.out.println("SecurityConfig loaded!");
        http
            .csrf().disable()
            .authorizeHttpRequests()
                .requestMatchers(
                    "/api/user/login",
                    "/api/user/register",
                    "/api/user/forgot-password/**",
                    "/static/**",
                        "/static/index.html",
                        "/static/login.html",
                        "/static/register.html"
                ).permitAll()
                .anyRequest().permitAll() // 临时放开所有接口，排查权限问题
            .and()
            .formLogin().disable()
            .httpBasic().disable();

        return http.build();
    }
}